II. Responsible person
Bossard AG, Steinhauserstrasse 70, 6301 Zug, Switzerland (“Bossard,” “we” or “us”) is responsible for the processing of personal data associated with the use of the website www.bossard.com.
III. Contact data
Bossard AG, Legal Department, Steinhauserstrasse 70, 6301 Zug, Switzerland
E-mail address: email@example.com
IV. Nature and purpose of processing and respective legal basis and storage duration
We process personal data that we receive from our customers and other business partners in the course of our business relationship with them and other persons involved in it, or that we collect from their users when operating our website, apps and other applications. Specifically, we process your personal data for the following purposes. Please note that we will only process your personal data for other purposes if we are legally obliged to do so (e.g. transfer to courts or law enforcement authorities), if you have consented to the respective processing or if the processing is otherwise lawful under applicable law. We store personal data as long as it is necessary for the fulfilment of our contractual and legal obligations as well as in accordance with the statutory retention and documentation obligations. We process and store personal data of data subjects only for as long as is necessary to achieve the purpose pursued and beyond that in accordance with the statutory retention and documentation obligations. In this context, it is possible that personal data is retained for the time during which claims can be asserted against our company or legitimate business interests require this (e.g. for evidence and documentation purposes). As soon as the personal data is no longer required for the purposes pursued, it is deleted or anonymized as far as possible. More detailed information on when the data collected will be deleted can be found below in this section IV.
1. When visiting our website
When visiting our website, our servers temporarily save every access in a log file. The following data can be collected without your assistance and we will save it until it is automatically deleted after no more than 90 days:
- IP address of the requesting computer or WAF;
- Date and time of access;
- Time zone difference from Greenwich Mean Time (GMT);
- Name and URL of the accessed file;
- Website from which the access occurs (referrer URL); if applicable with the search word used;
- Operating system of the requesting computer and the browser used (type, version and language);
- Transmission protocol used (e.g. HTTP/1.1);
- Status code (e.g. error message);
- If applicable, your user name from a registration/authentication; and
Access provider. The collection and processing of this data occurs to allow the use of our website (establishing a connection), permanently ensure the system security and stability and for the technical administration of the network infrastructure. We therefore cannot make any conclusions about you as a person.
Article 6 (1) lit. f GDPR is the legal basis for this processing. The legitimate interest is to enable the use of the website. You can receive more information about the consideration of interests by request.
2. When downloading know-how
A comprehensive selection of documented expertise about fastening technology is available to read and download on our website. You must register before downloading this information. We collect the following data as part of the registration on the website:
- First name, last name
- E-mail address
- Job title
- Choosing to subscribe to our newsletter and the desired country of the newsletter
Disclosing this data is voluntary. However, if you do not specify this data, we will not provide you with the corresponding information. This data is collected to prevent improper use as much as possible. Article 6 (1) lit. b GDPR is the legal basis for this processing. The data will be deleted by us after 30 days. In addition, you can subscribe to the newsletter during the registration (see section IV.3.).
3. When subscribing to our newsletter
If you have expressly consented, we will use your e-mail address to send you our newsletter on a regular basis and to also inform you of offers and promotions from time to time. You only need to specify your last name, first name, country, and an e-mail address in order to receive the newsletter.
Disclosing this data is voluntary. However, if you do not specify this data, we cannot provide you with the newsletter or may not be able to provide it to you fully. Article 6 (1) lit. f GDPR is the legal basis for this processing with respect to the general newsletter. The legitimate interest is that the processing of your data is necessary to send you the newsletter as desired. You can receive more information about the consideration of interests by request. Article 6 (1) lit. a GDPR is the legal basis for this processing with respect to a personalized newsletter.
There is a link at the end of every newsletter that you can use to unsubscribe from the newsletter at any time. After unsubscribing, your data is deleted or anonymized, unless storing your e-mail address is necessary to ensure that you no longer receive a newsletter.
4. When using the contact form
You can send us general inquiries via the contact form provided on our website. You must enter a valid e-mail address as well as your title, last name, first name, your zip code, city and your country as well as your message. This data is collected in order to know from who an enquiry is originated, to be able to answer it in the best possible and individual way and to respond as requested (by mail, telephone or e-mail). Additional information can be provided optionally.
If you do not specify this data, we cannot answer your inquiry or we may not be able to answer it fully. Article 6 (1) lit. f GDPR is the legal basis for this processing. The legitimate interest is that the processing of your personal data is necessary to be able to respond to your inquiries accordingly. You can receive more information about the consideration of interests by request. The personal data will be deleted The data is deleted when the respective conversation with you has ended. The conversation is ended when the circumstances indicate that the matter in question has been conclusively clarified.
5. When using the E-Shop
a) Customer account
To be able to place orders via the e-shop, you must set up a password-protected customer account. This contains an overview of orders placed and active order processes. If you leave the e-shop as a customer, you will be logged out automatically. To set up a customer account, you must provide a valid e-mail address, telephone number, the name of your company, your last name and first name, billing address and delivery address. Further details can be given voluntarily. You can view the information in your customer account at any time, add new delivery addresses to your customer account and change your own login information (first name, last name, email and password). When you update your information, we keep a copy of your original details on file so that we can clarify any issues between you and us.
Those data that are necessary for delivery or order processing are transferred to third party service providers. Your data will only be used as long as it is necessary for the existing customer relationship. Notwithstanding the foregoing, we are obliged by commercial and tax law to store your address, payment and order data for a period of ten years.
If no orders are open, you have the option of deleting your customer account at any time upon notice to us.
We assume no liability for password misuse, unless this is caused by ourselves.
b) Order without customer account
Customers in Switzerland do not have to set up a customer account to order via the e-shop and can order as a guest. In this case, you are required to provide your surname and first name, e-mail address, billing and delivery address, credit card details and customer order reference. Further information can be provided voluntarily.
Those data which are necessary for delivery or order processing are transferred to third party service providers. Your data will only be used as long as it is necessary for the existing customer relationship. Notwithstanding the foregoing, we are obliged by commercial and tax law to store your address, payment and order data for a period of ten years
c) Credit check
To ensure your and the operator's security, we may perform a credit check before delivering a login to the customer account or completing an order. In addition to checking past transactions with us and any changes to your personal data, we also use third party service providers.
6. When using the Bossard Scan App for the use of the E-Shop
Certain information is already used automatically as soon as you use the Bossard Scan App. We have listed below for you which personal data is processed:
a) Information collected during download
When downloading the Bossard Scan App, certain required information is transferred to the app store selected by you (e.g. Google Play or Apple App Store), in particular the user name, the e-mail address, the customer number of your account, the time of the download, payment information and the individual device identification number may be processed. The processing of this data is carried out exclusively by the respective app store and is beyond our control.
b) Information that is collected automatically
As part of your use of the Bossard Scan App, we automatically collect certain data that is required for the use of the Bossard Scan App. This includes: Version of your operating system, time of access.
This data is automatically transmitted to us and stored for a period of 90 days (1) to provide you with the service and related features; (2) to improve the functions and performance features of the Bossard Scan App; and (3) to prevent and remedy misuse and malfunctions. This data processing is justified by the fact that (1) the processing is necessary for the performance of the contract between you as the data subject and us pursuant to Art. 6 para. 1 lit. b GDPR for the use of the app, or (2) we have a legitimate interest in ensuring the functionality and fault-free operation of the Bossard Scan App and to be able to offer a service that is in line with the market and interests, without your rights and interests in the protection of your personal data within the meaning of Art. 6 (1) lit. f GDPR prevailing here.
c) Use of the Bossard Scan App
Within the Bossard Scan App you can enter, manage and edit various information, tasks and activities. You can use the Bossard Scan App to create an order list (by scanning the barcode or manually entering the item number). The order list is transmitted to the e-shop after successful login to your customer account.
The Bossard Scan App also requires the following authorizations:
- Internet access: This is required to log in to the Bossard customer account and place the order.
- Camera access: This is required to be able to scan the barcode so that the corresponding item can be added to the order list.
The processing and use of usage data is carried out for the provision of the service. This data processing is justified by the fact that the processing is necessary for the performance of the contract for the use of the Bossard Scan App between you as the data subject and us pursuant to Art. 6 (1) lit. b GDPR.
7. When using Real Time Manufacturing Services (RMS)
In order to use the Real Time Manufacturing Services (RMS) via our website, you must set up a customer account. In the course of the set-up of the customer account, we collect the following data:
- First and last name
- Company name
- Company address
- E-mail address
- User name
- Phone number
- User role
You also have the option of using the chat function. The chat history is assigned to your registered customer account.
The provision of this data is voluntary. However, if you do not provide this data, you will not be able to use the RMS. The data processing is justified by the fact that the processing is necessary for the performance of the contract for the use of the RMS between you as the data subject and us pursuant to Art. 6 (1) lit. b GDPR.
Those data which are necessary for delivery or order processing are transferred to third party service providers. Your data will only be used as long as it is necessary for the existing customer relationship. Notwithstanding the foregoing, we are obliged by commercial and tax law to store your address, payment and order data for a period of ten years.
If no orders are open, you have the option of deleting your customer account at any time upon notice to us.
V. Datatransfer and Transfer of Data Abroad
We process your personal data in departments that need to know the personal data.
We may send your personal data to the recipients and categories of recipients listed below for the respective purposes. You can find additional information about the recipients and categories of recipients below in the Cookie Settings.
1. Private third parties – affiliated companies or other third parties (business partners of ours, including dealers, suppliers, subcontractors and customers).
2. Order processor – When providing our services, we rely on various (technical) service providers (affiliated companies or third parties) to provide our services, while observing the applicable data protection law. Personal data is transferred to third parties in this context only so that these service providers can process the personal data on our behalf and based on our instructions (so-called “order processing,” the service provider is the “order processor”), insofar as this is required to provide our services. The order processors are subject to contractual obligations for the implementation of reasonable technical and organizational measures to protect your personal data and they only process your data according to our instructions.
3. Public authorities, courts, external advisors – if required or legally permissible.
Your personal data is generally only processed and used within the EU. If a data transfer occurs within the EU and use occurs outside the EU as an exception (e.g. to technical service providers), this always happens in compliance with the applicable data protection law.
The above-mentioned recipients are partly domestic, but may also be located abroad. If we transfer data to a country outside the European Economic Area for which there is no European Union adequacy decision (e.g. to technical service providers), we ensure an adequate level of protection by means of contractual guarantees. You can always contact us via the contact data mentioned above in section III. in order to obtain further information the corresponding guarantees.
VI. Automated decision-making
We do not carry out any automated decision-making through our website regarding the processing of personal data.
VII. Your Rights
If you have consented to the processing of your personal data, you can always revoke your consent with effect for the future. Such a revocation does not affect the legality of the processing carried out based on the consent until the revocation.
You can also view and change the data stored in your customer account by logging into our website with your login data. You can delete your data or your entire customer account at any time upon notice to us. We point out that in the case of your data being deleted, it is not possible or not fully possible to utilize our offering.
You may have the following rights pursuant to the applicable provisions of the EU General Data Protection Regulation as well as applicable national data protection laws:
According to the applicable data protection law, you may have the right to (i) information, (ii), rectification, (iii) deletion, (iv) restriction of processing, (v) data transferability and/or (vi) objection to processing. The aforementioned rights may be restricted by national data protection law. To exercise these rights, please contact us as described in section III.
(i) Right to information: You may have the right to ask us to confirm whether personal data about you is being processed and, if this is the case, a right to information about this personal data. The right to information includes, among other things, the processing purposes, the categories of personal data that are processed and the recipients or categories of recipients to whom the personal data is disclosed. You also may have the right to receive a copy of personal data that is the subject of the processing. However, this right is not unrestricted, because the rights of other persons may restrict your right to receive a copy.
(ii) Right to rectification: You may have the right to request the correction of incorrect personal data concerning you. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary declaration.
(iii) Right to deletion (“right to be forgotten”): Under certain circumstances, you have the right to ask us to delete personal data concerning you and we are obligated to delete the personal data.
(iv) Right to restriction of processing: Under certain circumstances, you have the right to ask us to restrict the processing of your personal data. In this case, the corresponding data is marked and we only process it for certain purposes.
(v) Right to data transferability: Under certain circumstances, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, standard and machine-readable format. You also have the right to send this data to another person responsible without hindrance from us.
(vi) Right to objection as per article 21 General Data Protection Regulation
For reasons that result from your particular situation, you have the right at any time to object to the processing of the personal data concerning you that is occurring as per article 6 paragraph 1 letter e (data processing in the public interest) and f (data processing based on legitimate interests) of the General Data Protection Regulation. If you object, we will no longer process your personal data, unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercising or defense of legal claims.
If personal data is processed for the purposes of direct mail advertising, you have the right at any time to object to the processing of personal data concerning you for the purposes of such advertisement. This also applies to profiling if this is associated with such direct mail advertising.
Please note that the aforementioned rights may be restricted by national law. To claim one of your rights listed above or if you have questions about your rights, you can always contact us via the contact data mentioned above in section III.
You also have the right to submit a complaint to the competent data protection authority.
VIII. Cookies and similar technologies
According to applicable law, we may store cookies on your device if they are necessary for the operation of our website. For all other cookie types we need your consent. This website uses different types of cookies. You can configure your browser so that no cookies or only certain cookies are stored on your computer. However, deactivating cookies may mean that you cannot use all the functions of our website. You will find additional information about the nature, name, type, purpose of collection, storage duration of cookies, etc. in the Cookie Settings.
- Required Cookies. Article 6 (1) lit. f GDPR is the legal basis for the processing of personal data associated with the necessary cookies. The legitimate interest is that we can offer the functionality of the website. You can receive more information about the considerations of interests above by request.
- Statistical Cookies. Article 6 (1) lit. a GDPR is the legal basis for the processing of personal data associated with statistical cookies.
- Marketing Cookies. Article 6 (1) lit. a GDPR is the legal basis for the processing of personal data associated with marketing cookies.
- Unclassified Cookies. Article 6 (1) lit. a GDPR is the legal basis for the processing of personal data associated with unclassified cookies.
Retargeting is a process by which we want to address you again. After visiting our website, this application allows you to see our ads when you continue to use the internet. This is done by means of the cookies stored in your browser, through which your usage behavior is recorded and evaluated by our retargeting partner Google Ads when visiting different websites. In this way, your previous visit to our website can be determined by the retargeting partners. According to their own statements, our retargeting partners do not merge the data collected as part of retargeting with your personal data, which may be stored by our retargeting partners. In particular, our retargeting partners say that they use a pseudonymization during retargeting.
4. Web Analytics and Tracking
a) Google Analytics
- Navigation path that a visitor follows on the website
- the time spent on the website or sub-page
- the sub-page on which the website is left
- the country, region or city from which the website is accessed
- End device (type, version, color depth, resolution, width and height of browser window)
- Returning or new visitors
The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to website and internet usage for the purposes of market research and to tailor this website to your needs.
The provider of Google Analytics is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Before the data is transmitted to the provider, the IP address is shortened by activating IP anonymization ("anonymize IP") on this website within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. The anonymized IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In these cases, we ensure through contractual guarantees that Google maintains a sufficient level of data protection. According to Google, in no case will the IP address be associated with other data relating to the user.
Further information about the web analysis service used can be found on the Google website: https://policies.google.com/privacy.
Instructions on how to prevent the processing of your data by the web analysis service, in addition to revoking your consent, can be found here: https://tools.google.com/dlpage/gaoptout
We use the tracking tool of Hotjar Ltd (St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 3155, Malta) on our websites. The use of Hotjar allows us to record mouse clicks, mouse movements and scroll movements as well as keystrokes. The processing of this data serves to continuously improve and expand our website.
Hotjar uses a tracking code to collect and transmit your data. If you have given your consent, the Hotjar tracking code collects the data based on your activity and stores it on the Hotjar servers in Ireland. In addition, the cookies placed on your computer or terminal device by the website also collect data in this case. In addition to revoking your consent, you can deactivate or restrict the transfer of cookies by changing the settings in your internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. The option of how you can prevent the processing of your data by the web analysis service, in addition to revoking your consent, can be found here: https://www.hotjar.com/privacy/do-not-track/
The legal basis for the processing of data for this purpose is your consent pursuant to Art. 6 (1) lit. a GDPR.
c) Firebase Analytics
In order to design and optimise the use of the Bossard Scan App in line with requirements, we use Firebase Analytics. User data is transmitted anonymously to Google Firebase in the USA (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). On our behalf, Google Firebase evaluates the data the way you use the App, as this data is necessary for us to ensure and further improve the stability and security of the Bossard Scan App. The data collected in this way is not merged with your other customer information, but is included in anonymous statistics. The legal basis for processing the data for this purpose is your consent in accordance with Art. 6 (1) lit. a GDPR.
You can find more information about the web analysis service used on the Google Firebase website https://www.firebase.com/terms/privacy-policy.html
Instructions on how to prevent the processing of your data by the web analysis service, in addition to revoking your consent, can be found here: https://firebase.google.com/docs/analytics/configure-data-collection
5. Social-Media Plugins
We use plug-ins from social networks on our website. This is apparent to you in each case (typically via corresponding icons). We have configured these elements so that they are deactivated by default. Only by activating them by clicking on them and thus giving your consent (Art. 6 (1) lit. a GDPR) to the transmission of data, a direct connection to the servers of the respective social network is established. The content of the respective plugin is then transmitted directly to your browser by the associated provider and integrated into the page.
When you click on the relevant social network icons, you will be linked to the relevant social network to perform the selected functionality, e.g. to share a content on Facebook or tweet on Twitter. To do this, however, you must log in to your user account or already be logged in. If you select one of the provided functionalities and click on the icon of the relevant social network, a direct connection is established between your browser and the server of the relevant social network. With that the network will be provided with the information that you have visited our website with your IP address and called up the link. If you call up a link to a social network while you are logged into your account with the social network concerned, the content of our websites may be linked to your profile with the social network. This means that the social network can assign your visit to our websites directly to your user account. If you wish to prevent this, you should log out before clicking on the corresponding links. An assignment will take place in any case if you log in to the relevant network after clicking on the link.
We provide you with plugins from the following social networks:
- Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
- WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
- Kakao Corp., 242, Cheomdan-ro, Jeju-si, Jeju-do, 63309, Korea
- WeChat:Tencent International Service Europe B.V., Attn: Data Protection Officer, Legal Department, 26.04 on the 26th floor of Amstelplein 54, 1096 BC Amsterdam, Netherlands, or via email at firstname.lastname@example.org
- XING AG, Dammtorstrasse 29-32, 20354 Hamburg, Germany
- Twitter, Inc., 1355, Market Street, Suite 900, San Francisco, CA 94103, USA
- YouTube LLC, Privacy Matters c/o Google Inc., 901 Cherry Ave., San Bruno, CA 94066, USA
The purpose and scope of the data collection and the further processing and use of the data by the respective social network as well as your rights in this regard and setting options for protecting your privacy can be found in the privacy notices of the respective social networks.
6. Further Technologies
The legal basis for the aforementioned data processing lies in our legitimate interest in the economic operation of our online offer (Art. 6 para. 1 lit. f GDPR).
We use the chat solution from Intercom (Intercom Inc., 55 2nd Street, 4th Floor, San Francisco, CA 94105, USA) to communicate and interact with our users. You are responsible for the messages or content that you send to us via the chat function. We recommend that you do not transmit any sensitive information via the chat function. Personal data is only collected if you voluntarily transmit it to us in the chat. It is therefore up to you which information you transmit to us. In order to be able to answer your chat questions, we may ask you to provide us with additional information, e.g. your e-mail address, your telephone number, etc. We will only collect the personal data that you provide to us voluntarily. We will only collect the personal data from you that is necessary to answer your questions or to provide the services you have requested.
The legal basis for the aforementioned data processing lies in our legitimate interest in processing your chat request or message (Art. 6 para. 1 lit. f GDPR).
We use the following additional technologies on our website:
Within our e-shop, we use the SaferPay payment system. You can find more information on the collection and use of your data by SaferPay in the data protection declaration of SIX Payment Services https://www.six-payment-services.com/de/services/legal/privacy-statement.html
You can also find more information about this and other technologies in the Cookie Settings.
IX. Data Security
We use suitable technical and organizational security measures to protect your personal data we store against manipulation, partial or complete loss and from unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.
When you register with us as a customer, you can only access your customer account after entering your personal password.